Duties & responsibilities:
Functions required to be performed by the ISSM include:
Implement the six-step Risk Management Framework accreditation process for the AF EIS SharePoint environment.
Provide guidance, troubleshooting, and support services in accordance with DoDI 8500.01 and AFI 10-1710 for all cybersecurity needs of the AFNet EIS/AFMC EIS platforms, including but not limited to:
- Develop and maintain an organizational or system-level cybersecurity program that includes cybersecurity architecture, requirements, objectives and policies, cybersecurity personnel, and cybersecurity processes and procedures.
- Ensure that Information Owners (IO) and stewards associated with DoD information received, processed, stored, displayed, or transmitted on each DoD Information System (IS) and Platform Information Technology (PIT) system are identified in order to establish accountability, access approvals, and special handling requirements.
- Maintain a repository for all organizational or system-level cybersecurity-related documentation.
- Ensure that Information System Security Officers (ISSOs) are appointed in writing and provide oversight to ensure that they are following established cybersecurity policies and procedures.
- Monitor compliance with cybersecurity policy, as appropriate, and review the results of such monitoring.
- Ensure that cybersecurity inspections, tests, and reviews are synchronized and coordinated with affected parties and organizations.
- Ensure implementation of IS security measures and procedures, including reporting incidents to the Authorizing Official (AO) and appropriate reporting chains and coordinating system-level responses to unauthorized disclosures in accordance with Reference (DoD Manual 5200.01, Volume 3, February 24, 2012, as amended) for classified information or Reference (DoD Manual 5200.01, Volume 4, February 24, 2012) for controlled unclassified information, respectively.
- Ensure that the handling of possible or actual data spills of classified information resident in ISs is conducted in accordance with Reference (DoD Manual 5200.01, Volume 3, February 24, 2012, as amended).
- Act as the primary cybersecurity technical advisor to the AO for DoD IS and PIT systems under their purview.
- Ensure that cybersecurity-related events or configuration changes that may impact DoD IS and PIT systems authorization or security posture are formally reported to the AO and other affected parties, such as IOs and stewards and AOs of interconnected DoD ISs.
- Ensure the secure configuration and approval of IT below the system level (i.e., products and IT services) in accordance with applicable guidance prior to acceptance into or connection to a DoD IS or PIT system.